CVE-2026-50751
KEVCheck Point Security Gateway Improper Authentication Vulnerability
9.3
CriticalPublished:
Last updated:
Source:cve@checkpoint.com
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- Scope
- Changed
- Confidentiality
- High
- Integrity
- Low
- Availability
- None
Description
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
References
cve@checkpoint.com
https://support.checkpoint.com/results/sk/sk185033134c704f-9b21-4f2e-91b3-4a467353bcc0
https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-50751